initiative/package.json
Lukas a97ffe5ed1 chore(deps): bump vite, jsdom; pin undici and suppress unreachable advisory
Bumps vite ^8.0.5 → ^8.0.16 (GHSA-fx2h-pf6j-xcff, server.fs.deny
bypass on Windows) and jsdom ^29.0.1 → ^29.1.1 to unblock the
pre-commit audit gate.

The existing >=7.24.0 undici override was floating to 8.x, which
broke jsdom (it reaches into undici 7's private module layout).
Tightened to ~7.24.0 to keep jsdom working. That leaves
GHSA-vmh5-mc38-953g (undici SOCKS5 ProxyAgent TLS bypass) open —
patched in 7.28+ but we can't move there until jsdom updates its
pin. We never use a SOCKS5 proxy in tests, so the vulnerable code
path is unreachable. Added an auditConfig.ignoreGhsas entry with
a note explaining the rationale and the condition for removing it.
2026-06-19 16:29:42 +02:00


{
"private": true,
"packageManager": "pnpm@10.32.1+sha512.a706938f0e89ac1456b6563eab4edf1d1faf3368d1191fc5c59790e96dc918e4456ab2e67d613de1043d2e8c81f87303e6b40d4ffeca9df15ef1ad567348f2be",
"pnpm": {
"overrides": {
"undici": "~7.24.0",
"picomatch": ">=4.0.4"
},
"auditConfig": {
"ignoreGhsas": [
"GHSA-vmh5-mc38-953g"
],
"_ignoreGhsasNotes": {
"GHSA-vmh5-mc38-953g": "undici SOCKS5 ProxyAgent TLS bypass. Only reachable via undici/jsdom (test-time). Patched in undici>=7.28.0 but jsdom@29.1.1 reaches into undici's private module layout, so forcing 7.28+ via override breaks tests. We never use a SOCKS5 proxy in tests, so the path is unreachable. Drop this entry once jsdom updates its undici pin."
}
}
},
"devDependencies": {
"@biomejs/biome": "2.4.8",
"@vitest/coverage-v8": "^4.1.0",
"jscpd": "^4.0.8",
"jsinspect-plus": "^3.1.3",
"knip": "^5.88.1",
"lefthook": "^2.1.4",
"oxlint": "^1.56.0",
"oxlint-tsgolint": "^0.17.1",
"typescript": "^5.8.0",
"vitest": "^4.1.0"
},
"scripts": {
"prepare": "lefthook install",
"format": "biome format --write .",
"format:check": "biome format .",
"lint": "biome lint .",
"lint:fix": "biome lint --write .",
"typecheck": "tsc --build",
"test": "vitest run",
"test:watch": "vitest",
"knip": "knip",
"jscpd": "jscpd",
"jsinspect": "jsinspect -c .jsinspectrc apps/web/src packages/domain/src packages/application/src",
"oxlint": "oxlint --tsconfig apps/web/tsconfig.json --type-aware --deny-warnings",
"check:ignores": "node scripts/check-lint-ignores.mjs",
"check:classnames": "node scripts/check-cn-classnames.mjs",
"check:props": "node scripts/check-component-props.mjs",
"check": "pnpm audit --audit-level=high && knip && biome check . && node scripts/check-lint-ignores.mjs && node scripts/check-cn-classnames.mjs && node scripts/check-component-props.mjs && jscpd && pnpm jsinspect && tsc --build && oxlint --tsconfig apps/web/tsconfig.json --type-aware --deny warnings && vitest run"
}
}